When a user authenticates, embedNew is used to send a random CSRF value as a cookie. (Alternatively,
an authenticating service can be wrapped in withNewToken).
By default, for requests that are unsafe (PUT, POST, DELETE, PATCH), services protected by the validated method in the
middleware will check that the csrf token is present in both the header headerName and the cookie cookieName.
Due to the Same-Origin policy, an attacker will be unable to reproduce this value in a
custom header, resulting in a 403 Forbidden response.
By default, requests with safe methods (such as GET, OPTIONS, HEAD) will have a new token embedded in them if there isn't one,
or will receive a refreshed token based off of the previous token to mitigate the BREACH vulnerability. If a request
contains an invalid token, regardless of whether it is a safe method, this middleware will fail it with
403 Forbidden. In this situation, your user(s) should clear their cookies for your page, to receive a new
token.
The default can be overridden by modifying the predicate in validate. It will, by default, check if the method is safe.
Thus, you can provide some whitelisting capability for certain kinds of requests.
We'd like to emphasize that you please follow proper design principles in creating endpoints, as to
not mutate in what should otherwise be idempotent methods (i.e no dropping your DB in a GET method, or altering
user data). Please do not use the CSRF protection from this middleware as a safety net for bad design.
Extract a CsrfToken, if present, from the request,
then try generate a new token signature, or fail with a validation error.
If not present, generate a new token
Extract a CsrfToken, if present, from the request,
then try generate a new token signature, or fail with a validation error.
If not present, generate a new token
Sign our token using the current time in milliseconds as a nonce
Signing and generating a token is potentially a unsafe operation
if constructed with a bad key.
Sign our token using the current time in milliseconds as a nonce
Signing and generating a token is potentially a unsafe operation
if constructed with a bad key.
Constructs a middleware that will check for the csrf token
presence on both the proper cookie, and header values,
if the predicate is not satisfied
Constructs a middleware that will check for the csrf token
presence on both the proper cookie, and header values,
if the predicate is not satisfied
If it is a valid token, it will then embed a new one,
to effectively randomize the complete token while
avoiding the generation of a new secure random Id, to guard
against BREACH